Given a message $M$ and a cryptographic hash function $H$, let $f(M) = E_K(M || H(M))$ where $E_K$ is AES-128-CBC encryption with PKCS#5 padding. Take $H = \textrm{SHA-256}$ if it matters. In other ...

When using Encrypt-then-MAC with AES and HMAC by password, and given 128 bits of payload with the ciphertext to store a random salt, which would be more secure:
Using PBKDF2 with then entire 128 bit ...

It seems that GCM mode encryption has a clear advantage over CBC + HMAC in the sense that it only requires a single key. But it seems that there are some experts here that do not trust it enough to ...

I wish to manipulate short ASCII strings (namely unpredictable domain names) into a form which cryptographically assures authenticity and confidentiality, for use in the local part of email addresses. ...

I'm trying to make a strong authentication software and embedded software in a java card. I have found many papers and publications about the subject… too much information to process and I'm working ...

The OCB mode of authenticated encryption (used for example with AES) is the fastest way to provide authenticity and confidentiality without having to strive into questions like: Encrypt then MAC, MAC ...

I want to derive a 256 bit encryption key and a 256 bit MAC key from a single 256 bit master key for an authenticated encryption scheme.
I was considering the following construction to derive the two ...

I am actually checking use of EAX AEAD mode, and following EAX spec review (scheme definition for my part), my question is: what about the derivation of the authentication and encryption keys? In the ...

Consider the following authenticate-and-encrypt scheme that uses AES-128 in CBC mode for encryption and AES-128 - based CMAC for authentication:
Two keys are derived from the master key k (16 byte): ...